gas/arc: Fix array overrun when checking opcode array
author Andrew Burgess <andrew.burgess@embecosm.com>
Wed, 4 May 2016 12:57:10 +0000 (13:57 +0100)
committer Andrew Burgess <andrew.burgess@embecosm.com>
Wed, 18 May 2016 21:23:40 +0000 (22:23 +0100)
commit fe779266b39080e49b04e61160e6af8be439c182
tree eb04a4b1580f98787b108ce580e185c086506c11
parent 3b889a787863d22694bb53eb08160c94ab52c58d
gas/arc: Fix array overrun when checking opcode array

The opcode array iterator mechanism can, in some situations, result in
reading memory outside of the opcode array.  When using the
iterator-next mechanism to find the next possible arc_opcode, if we find
an opcode where the name field is NULL, or the name does not match, then
the cached opcode pointer is not set to NULL.  The result is that
another call to iterator-next will again increment the opcode
pointer (which might now point outside the opcode array) and attempt to
access the name field of this undefined opcode.

Fixed in this commit by clearing the cached opcode pointer.

I've added a test case, which currently shows the bug, however, this
will only expose this bug while the opcode used (dsp_fp_cmp) is the last
opcode in the table.

gas/ChangeLog:

* config/tc-arc.c (arc_opcode_hash_entry_iterator_next): Set
cached opcode to NULL when we reach a non-matching opcode.
* testsuite/gas/arc/asm-errors-2.d: New file.
* testsuite/gas/arc/asm-errors-2.err: New file.
* testsuite/gas/arc/asm-errors-2.s: New file.
gas/ChangeLog
gas/config/tc-arc.c
gas/testsuite/gas/arc/asm-errors-2.d [new file with mode: 0644]
gas/testsuite/gas/arc/asm-errors-2.err [new file with mode: 0644]
gas/testsuite/gas/arc/asm-errors-2.s [new file with mode: 0644]
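
The stale-cursor pattern the commit message describes, as an added example that is not code from this commit or from binutils: a simplified iterator over a NULL-terminated name table, run with and without clearing the cached pointer. All names (struct op, iter_next, highest_index_read) and the table contents are hypothetical and constructed for illustration; the guard slots exist only so the pre-fix walk can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not the code in tc-arc.c.  */
struct op { const char *name; };

/* Constructed table: three entries and a NULL-name terminator, followed by
   two guard slots so the pre-fix walk can be observed without leaving
   this C array.  Indexes >= TABLE_LEN count as "outside the table".  */
#define TABLE_LEN 4
static const struct op table[TABLE_LEN + 2] = {
  { "add" }, { "cmp" }, { "cmp" }, { NULL }, { NULL }, { NULL }
};

struct iter { const struct op *cur; int started; };

/* Step to the next entry sharing the current name; NULL when the run ends.
   clear_on_mismatch == 0 models the behaviour the commit message describes
   before the fix: the cached pointer is left where it stopped.  */
static const struct op *
iter_next (struct iter *it, const struct op *first, int clear_on_mismatch)
{
  if (!it->started) { it->started = 1; return it->cur = first; }
  if (it->cur == NULL) return NULL;
  const char *old = it->cur->name;
  it->cur++;                        /* may now be past the terminator */
  if (it->cur->name != NULL && strcmp (old, it->cur->name) == 0)
    return it->cur;
  if (clear_on_mismatch) it->cur = NULL;   /* the fix: forget the pointer */
  return NULL;
}

/* Call iter_next CALLS times on the "cmp" run (the last one in the table)
   and report the highest table index the cached pointer ever reached.  */
static size_t highest_index_read (int clear_on_mismatch, int calls)
{
  struct iter it = { NULL, 0 };
  size_t hi = 0;
  for (int i = 0; i < calls; i++) {
    iter_next (&it, &table[1], clear_on_mismatch);
    if (it.cur != NULL && (size_t) (it.cur - table) > hi)
      hi = (size_t) (it.cur - table);
  }
  return hi;
}

int main (void)
{
  printf ("pre-fix:  cursor reached index %zu (table has %d slots)\n",
          highest_index_read (0, 4), TABLE_LEN);
  printf ("with fix: cursor reached index %zu\n", highest_index_read (1, 4));
  return 0;
}
```

With the pointer left in place, the fourth call advances the cursor to index 4, one slot past the terminator; with it cleared, the cursor never moves beyond the last matching entry.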